CYBERATTACKS: Should the US engage in offensive attacks?

The best example of an offensive cyberattack independent of a kinetic operation would be Stuxnet, the cyberweapon secretly used to damage nuclear installations in Iran. A U.S. official has privately confirmed to NPR what the New York Times reported last summer — that the United States had a role in developing Stuxnet.

Because the operation has been shrouded in secrecy, however, there has been no public discussion about the pros and cons of using a cyberweapon in the way Stuxnet was used.

Among the top concerns is that other countries, seeing Stuxnet apparently used by the United States and Israel, might conclude that they would also be justified in carrying out a cyberattack. The British author Misha Glenny, writing in the Financial Times, argued that the deployment of Stuxnet may be seen "as a starting gun; countries around the world can now argue that it is legitimate to use malware pre-emptively against their enemies."

Another concern is that the malicious software code in Stuxnet, instructing computers to order Iranian centrifuges to spin out of control, could be modified and used against U.S. infrastructure assets.

This is an issue about which I have not given any thought. Part of me says that if the US can do something like disable a nuclear weapons program with a cyberattack, then the US should do it. But, as the commentary above states, there are great risks of cyberattack proliferation.

The general sense was that the ability of cyber-warfare to do things like what the famous Stuxnet was designed to do is far more limited than fiction would have us believe.

If the two most sophisticated cyber-warfare nations in the world -- the United States and Israel -- can put their smartest minds to work on what is likely considered a high-priority task and given plentiful resources, and, the best they can achieve against a fairly isolated, smaller nation like Iran is setting them back a couple of months' research, how effective can we expect it to be?

I do not think we will see effective use of so-called cyber-warfare being a useful tool against hard targets like infrastructure, power plants, and the like, in my lifetime.

However, contrast this to the recent New York Times case, in which China hacked many of the Times' computer systems in what is assumed to be related to the publishing of stories about a corruption scandal in China.

Maybe I'm naive, but it has been my impression that these types of attacks/counter-attacks happen with somewhat regularity from both private and state sponsored entities. I have no issue with the "attacks" and I imagine many of our offensive tactics improve our defensive tactics. Anything it takes to monitor and disrupt countries like North Korea is a good thing in my book.

The best example of an offensive cyberattack independent of a kinetic operation would be Stuxnet, the cyberweapon secretly used to damage nuclear installations in Iran. A U.S. official has privately confirmed to NPR what the New York Times reported last summer — that the United States had a role in developing Stuxnet.

Because the operation has been shrouded in secrecy, however, there has been no public discussion about the pros and cons of using a cyberweapon in the way Stuxnet was used.

Among the top concerns is that other countries, seeing Stuxnet apparently used by the United States and Israel, might conclude that they would also be justified in carrying out a cyberattack. The British author Misha Glenny, writing in the Financial Times, argued that the deployment of Stuxnet may be seen "as a starting gun; countries around the world can now argue that it is legitimate to use malware pre-emptively against their enemies."

Another concern is that the malicious software code in Stuxnet, instructing computers to order Iranian centrifuges to spin out of control, could be modified and used against U.S. infrastructure assets.

This is an issue about which I have not given any thought. Part of me says that if the US can do something like disable a nuclear weapons program with a cyberattack, then the US should do it. But, as the commentary above states, there are great risks of cyberattack proliferation.

Your thoughts?

Well it is a weapon and one avilable to every country wi th computer systems and a couple of smart people......or money to buy them. I doubt our using it will trigger development and use against us and I doubt our abstaining would be much influence against it being used to damage us either.

I think cyber-warfare against "soft" targets happens with some regularity -- espionage, theft of intellectual property, occasional DDoS attacks, and the like.

The OP and article I linked -- I have not listened to the NPR story -- are talking more about attacks on "hard" targets like infrastructure, using cyber-warfare to cause physical damage. I do not think this is currently very common, as I do not think the capacity exists.

If it did, though, I think we should treat it as analogous to a guided bomb.

Originally Posted by 88 rex

Maybe I'm naive, but it has been my impression that these types of attacks/counter-attacks happen with somewhat regularity from both private and state sponsored entities. I have no issue with the "attacks" and I imagine many of our offensive tactics improve our defensive tactics. Anything it takes to monitor and disrupt countries like North Korea is a good thing in my book.

The U.S. should continue to develop every tool in it's arsenal else it be left behind. The only way to stay at the forefront is to continue to probe, analyze, or attack the enemies weapons and technologies, and try to stay one step ahead.
Along with that should be a continued effort to protect the U.S. system from attack itself. There are a lot of bright minds in other countries, heck we can't even protect ourselves from their spam and identity theft.

"I felt bad because I couldn't wheelie; until I met a man with no bicycle"